CISOs Should Concern Themselves with REvil and Darkside Ransomware Surge

The latest report from McAfee Enterprise shows worrying trends in REvil and Darkside ransomware.

Organizations across the globe continuously face the threat of being compromised by REvil and Darkside ransomware. According to McAfee Enterprise’s “Advanced Threat Research Report: October 2021,” the second quarter of 2021 witnessed a surge in cyber-attacks, with ransomware becoming the most pressing concern on the US administration's cyber agenda following the Colonial Pipeline attack. Beyond its devastating impact on the supply chain, ransomware was expelled from previously safe cybercriminal underground forums.

The Darkside ransomware group also halted its operations during the same period, while the BlackMatter movement was ongoing. However, McAfee Enterprise's global threat network saw a surge in Darkside attacks from various groups on legal services, manufacturing, and wholesale targets in the United States.

Like DarkSide, other ransomware groups, including Babuk, Cuba, Ryuk, and REvil, operate on similar affiliate models. They have released business models that support others' involvement in exploiting common entry vectors and similar activities within the environment. In the second quarter of 2021, organizations continued to face the challenges of shifting to the cloud to accommodate a flexible workforce and an increased workload, thereby presenting cybercriminals with more potential exploits and targets.

“Over the last one and a half years, we have moved to a largely flexible model of work, thus becoming ever reliant on the cloud,” says Raj Samani, Chief Scientist & McAfee Fellow, McAfee Enterprise. He further added, “However, this has also opened floodgates of opportunities for cybercriminals and made enterprises more susceptible to cyber-attacks. Interestingly, Government was the most targeted sector in Q2 of 2021 with a 64% increase in publicly reported cyber incidents as per our recent Advanced Threat Report findings and India ranks 2nd after the US in the list of the most targeted countries for cloud incidents.”

The report further revealed that the following cloud threat incidents and targets ranked highest among the top 10 reported countries (India, Australia, Brazil, Japan, Mexico, Singapore, and Germany):

  • Financial Services were targeted the most among cloud incidents, followed by Retail, Professional Services, Healthcare, and Manufacturing. 50% of the top 10 cloud incidents targeted Financial Services, including in China, Canada, Singapore, the United States, and Australia.
  • 34% of cloud incidents recorded targeted verticals in the United States, with a decrease of 19% in Great Britain.
  • Among the top ten countries, the United States reported the highest number of incidents at 52%, followed by India, Australia, Canada, and Brazil.

“While this is a worrying trend, I believe that ensuring cybersecurity is more than an IT problem. It starts with everyone following good security practices at an individual level. Using strong passwords and backups are some of the basics everyone can adopt, and the goal of cybersecurity is to provide enough security to make the attack financially not worthwhile,” added Raj Samani.
